On 11/20/2017 5:51 PM, Rasmus Villemoes wrote:
This reverts commit 92266d6ef60c2381c980c6cdcb2a5c1667b36b49, which was simply wrong: In the case where domain is NULL, we now use the wrong offsetof() in the list_first_entry macro, so we don't actually fetch the ->cookie value, but rather the eight bytes located sizeof(struct list_head) further into the struct async_entry.
On 64 bit, that's the data member, while on 32 bit, we get a u64 built from func and data in some order.
I think the bug happens to be harmless in practice: It obviously only affects callers which pass a NULL domain, and AFAICT the only such caller is
async_synchronize_full() -> async_synchronize_full_domain(NULL) -> async_synchronize_cookie_domain(ASYNC_COOKIE_MAX, NULL)
and the ASYNC_COOKIE_MAX means that in practice we end up waiting for the async_global_pending list to be empty - but it would break if somebody happened to pass (void*)-1 as the data element to async_schedule, and of course also if somebody ever does a async_synchronize_cookie_domain(, NULL) with a "finite" cookie value.
Cc: stable@vger.kernel.org # 3.10+
Recommend adding "Fixes" notation here referencing the original broken commit.
Signed-off-by: Rasmus Villemoes linux@rasmusvillemoes.dk
[..]